Critics say bill makes Vermont less competitive

By Sam Douglass

The House Committee on Commerce and Economic Development is continuing work on the new draft of a data privacy bill that could face a veto from Governor Scott if passed.

Data privacy laws have been adopted by many states to protect consumers and give them the opportunity to control or monitor how businesses use their personal information. For the second time in a few years, Vermont lawmakers are attempting to implement their own version, but the newest draft amendments to their existing bill S.71 are drawing criticism.

S.71 was introduced in the 2025 legislative session and similar to the vetoed Vermont Data Privacy Act (VDPA) the year prior, it aimed to balance consumer protections with the needs of businesses. The bill drew immediate criticism from advocates for being too similar to the VDPA and it raised many of the same concerns.

The Vermont Data Privacy Act was considered among the broadest laws protecting consumer data in the country. It differed in several ways from the current Senate-passed language in S.71, including a significantly lower threshold at 10,000 fewer consumers before regulations would kick in.

The 2024 legislation was vetoed by Governor Scott over a private right of action provision, a mechanism that allows citizens to bring suits against companies for violating the law. At the time, Scott defended his veto stating that the legislation deviated too far from data privacy laws in other New England states, putting Vermont at a hostile disadvantage compared to its neighbors. He urged the legislature to maintain regional consistency in its lawmaking.

When S.71 passed the Senate last year, it had been gutted and replaced with an entirely separate bill, S.93, based on the “Connecticut model.” This followed Connecticut’s data privacy statutes which focused on a consent-based system to allow consumers to opt-in for the use of their data. This was the preferred route by the Scott administration and industry advocates but it wasn’t long before more changes were considered.

At the end of the 2025 session, amendments were introduced in the House as a strike-all intended to replace the language substituted by the Senate from S.93 with identical language from the original version of S.71. This would have effectively undone all of the work in the Senate.

The amendments were never voted on by the committee and the session ended with S.71 on the wall in the House. On April 24 of this year, the committee met and was presented with a new draft of amendments, a version closer to the changes made by the Senate in 2025, but with some differences that are once again raising concerns about regional competitiveness.

In a blog post on the Chamber of Commerce website, Megan Sullivan, a policy expert and statehouse lobbyist, argued that the newest draft of the bill threatens Vermont’s regional competitiveness, similar to the VDPA.

“The newly discussed draft continues to include provisions that go beyond what is currently in place in other states, raising significant concerns about regional compatibility, compliance burden, and the potential impact on Vermont’s business competitiveness,” said Sullivan.

Additionally, she believes that these concerns may warrant a veto from the Governor. 

“Two years ago, a more expansive data privacy proposal was vetoed by Governor Phil Scott due to concerns about its impact on businesses and the state’s economic climate. There has been no indication that the Administration’s position has shifted, underscoring the importance of a pragmatic and durable approach as the House considers next steps.”

However, conversation in the committee indicates a different trajectory for this year’s data privacy legislation and stakeholders are likely to remain vocal as the session gets closer to adjournment. 

In the digital age, consumers are increasingly commoditized, and an entire industry has been built around the collection and sale of data. Businesses rely on consumer data for marketing campaigns, product sales trends, and customer analytics. But do people understand how their data is used, and do they trust the businesses that use it? Some sources suggest they do not.

A report published by the Pew Research Center indicates that a majority of Americans are concerned about how businesses and governments use their personal data. Information for In Committee news reports are sourced from GoldenDomeVt.com and the General Assembly website. Generative AI has not been used in the writing of this story.